Channels

Services

Mozilla addresses critical holes with Thunderbird 3.0.1

The Mozilla developers have announced the availability of the first security and stability update for version 3 of their popular open source Thunderbird email and news client. In addition to a number of stability and bug fixes, Thunderbird 3.0.1 addresses three critical vulnerabilities.

The update fixes a critical vulnerability in the browser engine used by Thunderbird that could cause a crash, possibly leading to memory corruption and the execution of arbitrary code. The other two critical bugs in liboggplay and the Theora video library could also lead to a crash and potentially allow the execution of arbitrary code on a victim's computer. These are the same vulnerabilities were patched in mid-December by version 3.5.6 of Firefox and by version 2.0.1 of the SeaMonkey "all-in-one internet application suite". The developers strongly recommend all users to upgrade to the latest release as soon as possible.